I edited my original Q to show that I am including the SignatureMethod=HmacSHA256 string, but it doesn't help :(
– GeekedOut Jan 13 '12 at 22:20

Have you made sure that there is no white space creeping into your query string, say perhaps after "start?"?
– travega Jan 19 '12 at 2:47

Can I also ask why you are encoding the : and / characters in your returnUrl if you are URLEncoding it anyway?
– travega Jan 19 '12 at 2:49

Please provide all of the code used to generate your request. You haven't provided enough code for us to reproduce the issue. We won't be able to troubleshoot this issue without being able to reproduce it. The best answers you can expect are speculations based on the provided error code. As I have suggested to you in two of your previous questions related to FPS, you need to be using the FPS library provided here aws.amazon.com/code/Amazon-FPS/4094948623747680 or at the very least you need to study the code as an example.
– Jonathan Spooner Jan 19 '12 at 9:16

@JonathanSpooner just added all the code to generate the request. Thanks for trying to help :)
– GeekedOut Jan 19 '12 at 17:51

The only piece that wasn't suggested was that you need to use rawurlencode() on the transactionAmount that's part of the $string_to_sign.

Most other answers are a piece of the problem. For instance, you need to add a new line to the $string_to_sign after the GET (which you have), after the authorize.payments-sandbox.amazon.com, and after the /cobranded-ui/actions/start. You also need to set the $raw_output parameter to true in the hash_hmac() function.

I've included a complete working rewrite of your code (replace <Your_Access_Key> and <Your_Secret_Key>):

However, I strongly suggest that you use the PHP library provided by the FPS community which can be downloaded here. I use this in production code and have never had an issue. Using the FPS library, your code would look like the following:

Your $string_to_sign variable is missing a '?' between start and SignatureMethod for your encoded Signature.

Signature version 2 is an enhanced signing method for both Amazon
Simple Pay and Amazon Flexible Payments Service.

For inbound requests (from your application to Amazon Payments), it
uses the entire request URI as the basis for the signature, with
encryption based on the unique security credentials for your account.

For outbound requests (from Amazon Payments to your application),
Amazon signs the response which you can verify using the
VerifySignature API

EDIT:

As @Jonathan Spooner mentioned already and what I use is the function varifySignature() located in

/amazon-fps-2010-08-28-php5-library/src/Amazon/FPS/Samples/Client.php

which can be downloaded here. It also has an example as to how to use it in

Your signature is still not the same as your request URI though... I notice your pipelineName parameter is missing from your signature URI and your parameters are in a different order to that of the request URI. I would suggest trying to make your signature a clone of your request URI - obviously without the signature tacked on the end of your signature URI ;)
– travega Jan 19 '12 at 21:27

Another commenter suggested I should not have space characters :) I am kind of lost how it should be. Do you have something similar working for you? How did you code it up?
– GeekedOut Jan 20 '12 at 16:24
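
The points raised in the answers above (newline-separated verb, host and path, rawurlencode() on every value, parameters in one fixed order, raw HMAC output) combined into one added example; it is not code from this thread or from the FPS library. It assumes the generic AWS Signature Version 2 canonicalization, and the secret key and parameter values are constructed.

```php
<?php
// Added example; the key and parameter values below are constructed.

// Verb, host, path and canonical query string, each separated by one "\n".
function sigv2_string_to_sign(string $verb, string $host, string $path, array $params): string
{
    ksort($params, SORT_STRING);           // sort parameter names in byte order
    $pairs = [];
    foreach ($params as $name => $value) {
        // RFC 3986 encoding: space becomes %20 (urlencode() would emit "+")
        $pairs[] = rawurlencode($name) . '=' . rawurlencode((string) $value);
    }
    return strtoupper($verb) . "\n" . strtolower($host) . "\n" . $path . "\n"
         . implode('&', $pairs);
}

function sigv2_sign(string $stringToSign, string $secretKey): string
{
    // true = raw binary digest; base64 of the default hex digest is a different value
    return base64_encode(hash_hmac('sha256', $stringToSign, $secretKey, true));
}

$secret = 'EXAMPLE-SECRET-KEY';                     // constructed, not a real key
$params = [                                         // constructed sample values
    'transactionAmount' => '10.50',
    'returnUrl'         => 'https://example.com/return page',
    'pipelineName'      => 'SingleUse',
    'SignatureMethod'   => 'HmacSHA256',
];

$toSign = sigv2_string_to_sign('GET', 'authorize.payments-sandbox.amazon.com',
                               '/cobranded-ui/actions/start', $params);
$good   = sigv2_sign($toSign, $secret);

// The two mistakes discussed in the thread, reproduced for comparison only.
$hexBug  = base64_encode(hash_hmac('sha256', $toSign, $secret));   // raw_output left false
$plusBug = sigv2_sign(str_replace('%20', '+', $toSign), $secret);  // urlencode()-style space

echo $toSign, "\n\n";
echo "signature:          $good\n";
echo "hex-digest variant: $hexBug\n";
echo "'+' for space:      $plusBug\n";
echo 'variants match the correct signature: ',
     var_export($good === $hexBug || $good === $plusBug, true), "\n";
```

Printing the string-to-sign next to the request URI makes a missing or reordered parameter visible before the request is sent.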